BreachExchange mailing list archives
follow-up: Processor Warns of Hacking Trend
From: security curmudgeon <jericho () attrition org>
Date: Tue, 1 May 2012 00:12:03 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.bankinfosecurity.com/processor-warns-hacking-trend-a-4720 By Tracy Kitten Bank Info Security April 30, 2012 Over the past year, First Data, the largest payments processor in the U.S., has seen an uptick in "trolling" - hackers sniffing networks for remote access into point-of-sale systems that are open or loosely protected. The targets: Smaller merchants, those categorized by Visa as Level 4. These merchants process fewer than 1 million transactions per year and account for 32 percent of Visa's U.S. transactions. They also are largely non-compliant with the Payment Card Industry Data Security Standard. The risk, says John Graham, vice president of global information assurance and risk at First Data Corp., is that because these smaller merchants are not PCI compliant, they are vulnerable to breaches of credit and debit card data. "Over the last 12 months or so, trolling has really become prevalent," Graham says. So, too, have breaches. Erik Rasmussen, a special agent within the Cyber Intelligence Section of the U.S. Secret Service's Criminal Investigative Division, says most card fraud incidents today stem from POS hacks. "The No.1 way criminals are getting in is through remote access to the backhouse server," Rasmussen said during a recent RSA Conference presentation. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- follow-up: Processor Warns of Hacking Trend security curmudgeon (May 01)